<?php

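/**
 * Handles the "add group" admin form.
 *
 * Reads type, color, rank, prefix and the per-language name_<lang> /
 * desc_<lang> fields from $_POST. The request is refused when the caller
 * lacks the users/gr_add permission, when rank is not numeric, when every
 * name is empty, or when a group with one of the submitted names already
 * exists. Otherwise the group is inserted and the browser is sent to the
 * permission editor for the new id. Every path ends with redirect + exit.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * the dispatcher enforces one before this state-changing handler runs.
 */
function group_add() {
	global $conf;

	// SQLvalidate() is defined elsewhere and its return value is not used here,
	// so what it guarantees about the value cannot be confirmed from this file.
	SQLvalidate($_POST['type']);

	if(!perms_check('users', 'gr_add')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	// Becomes 1 as soon as one language carries a non-empty group name.
	$ok = 0;

	$languages = get_lang_list();
	foreach($languages as $l) {
		if($_POST["name_$l"] != '') {
			$ok = 1;
		}
		// Both fields are always passed through post_text(), whatever the name check said.
		// NOTE(review): post_text() is not visible here; confirm it makes the text
		// safe for the quoted SQL literals built below.
		$_POST["name_$l"] = post_text($_POST["name_$l"]);
		$_POST["desc_$l"] = post_text($_POST["desc_$l"]);
	}

	if(!is_numeric($_POST['rank']) or $ok == 0) {
		redirect('index.php?module=error&error=groups_error1');
		exit();
	}

	// `type` is written into the statement without quotes, so it is forced to an
	// integer at the point of use instead of relying only on SQLvalidate().
	$type = (int) $_POST['type'];

	$db = new dbquery;

	$date = date('Y-m-d H:i:s');

	if(!$_POST['rank']) {
		$_POST['rank'] = 0;
	}

	// NOTE(review): color and prefix are placed inside quoted SQL literals with no
	// escaping or format check visible in this function. Confirm they are escaped
	// upstream, or route them through the DB layer's escaping / bound parameters.
	$query = "INSERT INTO $conf[prefix_groups]groups (`type`, `color`, `date`, `rank`, `prefix`";
	$query2 = " VALUES($type, '$_POST[color]', '$date', '$_POST[rank]', '$_POST[prefix]'";

	// Duplicate check: matches any existing group that shares a non-empty name
	// in at least one language.
	$q3 = "SELECT * FROM $conf[prefix_groups]groups WHERE";

	$foo = 0;
	foreach($languages as $l) {
		$query .= ", `name_$l`, `desc_$l`";
		$query2 .= ", '".$_POST["name_$l"]."', '".$_POST["desc_$l"]."'";
		if($foo++ > 0) {
			$q3 .= ' or';
		}
		$q3 .= " (name_$l = '".$_POST["name_$l"]."' and name_$l != '')";
	}

	$db->query($q3) or $db->err(__FILE__, __LINE__);

	if($db->num_rows() != 0) {
		redirect('index.php?module=error&error=groups_error4');
		exit();
	}

	// Close the column list and the value list, then run the insert.
	$db->query("$query)$query2)") or $db->err(__FILE__, __LINE__);

	$_POST['id'] = $db->insert_id();

	//add log

	//

	// NOTE(review): this target mixes '&' and '&amp;'. If redirect() sends the
	// string as a Location header, the id would arrive as 'amp;id' — confirm.
	redirect("index.php?module=admin&action=groups&cmd=edit_perms&amp;id=".$_POST['id']);
	exit();
}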


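/**
 * Handles the "edit group" admin form.
 *
 * Reads id, type, color, rank, prefix and the per-language name_<lang> /
 * desc_<lang> fields from $_POST. The request is refused when the caller
 * lacks the users/gr_edit permission, when rank is not numeric, when every
 * name is empty, when the group does not exist, or when another group
 * already uses one of the submitted names. For a group whose stored type is
 * -1, or the group the current user belongs to, the stored type is kept and
 * the submitted one is ignored. Every path ends with redirect + exit.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * the dispatcher enforces one before this state-changing handler runs.
 */
function group_edit() {
	global $conf;

	// SQLvalidate() is defined elsewhere and its return value is not used here,
	// so what it guarantees about these values cannot be confirmed from this file.
	SQLvalidate($_POST['id']);
	SQLvalidate($_POST['type']);

	if(!perms_check('users', 'gr_edit')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	// Initialised explicitly: it used to stay undefined when every name was
	// empty, and was then read by the validation check below.
	$ok = 0;

	$languages = get_lang_list();
	foreach($languages as $l) {
		if($_POST["name_$l"] != '') {
			$ok = 1;
		}
		// NOTE(review): post_text() is not visible here; confirm it makes the text
		// safe for the quoted SQL literals built below.
		$_POST["name_$l"] = post_text($_POST["name_$l"]);
		$_POST["desc_$l"] = post_text($_POST["desc_$l"]);
	}

	if(!is_numeric($_POST['rank']) or $ok == 0) {
		redirect('index.php?module=error&error=groups_error1');
		exit();
	}

	// id and type are written into SQL without quotes, and id also becomes part
	// of cache file names below. Forcing both to integers at the point of use
	// keeps them free of SQL, path or wildcard characters whatever SQLvalidate() does.
	$id = (int) $_POST['id'];
	$type = (int) $_POST['type'];

	$db = new dbquery;
	$db->query("SELECT * FROM $conf[prefix_groups]groups WHERE id = $id") or $db->err(__FILE__, __LINE__);

	if($db->num_rows() == 0) {
		redirect($_SESSION['redirect_1']);
		exit();
	}

	$d = $db->fetch_object();

	// $ed == 0 means the group's type must not be changed by this request.
	$ed = 1;

	if($d->type == -1 or get_gid_by_uid($_SESSION['id']) == $id) {
		$ed = 0;
		#redirect('index.php?module=admin&action=groups');
		#exit;
	}

	if(!$_POST['rank']) {
		$_POST['rank'] = 0;
	}

	if($ed == 0) {
		// Keep the stored type instead of the submitted one.
		$type = (int) $d->type;
	}

	// NOTE(review): color and prefix are placed inside quoted SQL literals with no
	// escaping or format check visible in this function. Confirm they are escaped
	// upstream, or route them through the DB layer's escaping / bound parameters.
	$query = "UPDATE $conf[prefix_groups]groups SET type=$type, color='$_POST[color]', rank='$_POST[rank]', prefix='$_POST[prefix]'";

	// Duplicate check: any other group sharing a non-empty name in some language.
	$q3 = "SELECT * FROM $conf[prefix_groups]groups WHERE id != $id and (";

	$foo = 0;
	foreach($languages as $l) {
		$query .= ", name_$l = '".$_POST["name_$l"]."', desc_$l = '".$_POST["desc_$l"]."'";
		if($foo++ > 0) {
			$q3 .= ' or';
		}
		$q3 .= " (name_$l = '".$_POST["name_$l"]."' and name_$l != '')";
	}

	$db->query("$q3)") or $db->err(__FILE__, __LINE__);

	if($db->num_rows() != 0) {
		redirect('index.php?module=error&error=groups_error4');
		exit();
	}

	$query .= " WHERE id=$id";
	$db->query($query) or $db->err(__FILE__, __LINE__);

	//add log

	//

	// clear cache
	// NOTE(review): this query uses $conf[prefix] while group_delete() addresses
	// the same table through $conf[prefix_users], and its result is not checked.
	// If the lookup fails, the per-user cache entries of this group's members
	// would not be cleared — confirm which prefix is correct.
	$db->query("SELECT id FROM $conf[prefix]users WHERE gid=$id");
	while($u=$db->fetch_object()) {
		$db->clear_cache('user_by_id_'.$u->id.'.cache', 'groups');
	}
	$db->clear_cache('group_'.$id.'*', 'groups');
	$db->clear_cache('group_rank_'.$id.'.cache', 'groups');
	//

	redirect("index.php?module=admin&amp;action=groups");
	exit();
}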

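/**
 * Deletes the group named by $_GET['group'].
 *
 * The request is refused when the caller lacks the users/gr_delete
 * permission, when the id is missing, zero or not a plain decimal number,
 * when the group does not exist, when its stored type is -1, or when it is
 * the group the current user belongs to. On success the group row is
 * removed, its members are moved to group 2 and the group's cache entries
 * are cleared. Every path ends with redirect + exit.
 *
 * NOTE(review): the deletion is driven by a GET parameter and no anti-CSRF
 * token check is visible in this function; confirm the dispatcher enforces
 * one, since a state-changing GET can be triggered by a plain link or image.
 */
function group_delete() {
	if(!perms_check('users', 'gr_delete')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	global $conf;

	$db = new dbquery;

	// The id is written into SQL without quotes and into cache file names, so
	// only a plain run of decimal digits is accepted (is_numeric() also admits
	// signs, decimals and exponents) and the integer form is used from here on.
	$raw = isset($_GET['group']) ? $_GET['group'] : '';
	if(!is_string($raw) or !ctype_digit($raw) or (int) $raw === 0) {
		redirect($_SESSION['redirect_1']);
		exit();
	}
	$gid = (int) $raw;

	$db->query("SELECT * FROM $conf[prefix_groups]groups WHERE id = $gid") or $db->err(__FILE__, __LINE__);

	if($db->num_rows() == 0) {
		redirect($_SESSION['redirect_1']);
		exit();
	}

	$d = $db->fetch_object();

	// Groups stored with type -1 and the caller's own group cannot be deleted.
	if($d->type == -1 or get_gid_by_uid($_SESSION['id']) == $gid) {
		redirect('index.php?module=admin&action=groups');
		exit;
	}

	$db->query("DELETE FROM $conf[prefix_groups]groups WHERE id = $gid") or $db->err(__FILE__, __LINE__);
	// Former members are reassigned to the group with id 2.
	$db->query("UPDATE $conf[prefix_users]users SET gid = 2 WHERE gid = $gid") or $db->err(__FILE__, __LINE__);

	//add log

	//

	// clear cache
	// This handler receives the id in $_GET['group']; the cache keys used to be
	// built from $_POST['id'], which this function never reads anywhere else,
	// so the deleted group's entries were not the ones being cleared.
	// NOTE(review): group_edit() also clears the 'user_by_id_<id>.cache' entries
	// of the group's members; nothing equivalent happens here for the users that
	// were just moved to group 2 — confirm their cached data cannot go stale.
	$db->clear_cache('group_'.$gid.'*', 'groups');
	$db->clear_cache('group_rank_'.$gid.'.cache', 'groups');
	//

	redirect("index.php?module=admin&amp;action=groups");
	exit();
}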

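/**
 * Stores the permission settings submitted for the group in $_POST['id'].
 *
 * The request is refused when the caller lacks the users/gr_perms_edit
 * permission or when the group does not exist. Permission columns are taken
 * from the groups table itself: every column positioned after `rank` and
 * before `prefix`. For each such column the matching groups_pdefs row lists
 * the setting names (defs) and their types; the posted values, looked up as
 * "<column>__<def>", are joined into one string and written to the column.
 * Every path ends with redirect + exit.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * the dispatcher enforces one before this permission-changing handler runs.
 */
function group_edit_perms() {
	global $conf;

	// SQLvalidate() is defined elsewhere and its return value is not used here,
	// so what it guarantees about the value cannot be confirmed from this file.
	SQLvalidate($_POST['id']);

	if(!perms_check('users', 'gr_perms_edit')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	// The id is written into SQL without quotes and into a cache file name, so
	// it is forced to an integer at the point of use.
	$id = (int) $_POST['id'];

	$db = new dbquery;
	$db2 = new dbquery;
	$db3 = new dbquery;

	$db->query("SELECT * FROM $conf[prefix_groups]groups WHERE id = $id") or $db->err(__FILE__, __LINE__);

	if($db->num_rows() == 0) {
		redirect($_SESSION['redirect_1']);
		exit();
	}

	// Only the existence of the row matters; its contents are not used below.
	$d = $db->fetch_object();

	// Accumulates the "column = 'value'" pairs for the final UPDATE.
	$prm = '';

	// Find the index of the first column after `rank`; that is where the
	// permission columns start. Falls back to 1 when `rank` is not found.
	$fields = $db->list_fields("$conf[prefix_groups]groups");
	$i=1;
	for($x = 1; $x < $db->num_fields($fields); $x++) {
		$nm = $db->field_name($fields, $x);
		if($nm=="rank") { // start right after the `rank` table field
			$i=$x+1;
			break;
		}
	}

	$fields = $db->list_fields("$conf[prefix_groups]groups");
	for($x = $i; $x < $db->num_fields($fields); $x++) {
		// $nm comes from the table definition, not from the request.
		$nm = $db->field_name($fields, $x);

		if($nm=="prefix") { // end on `prefix` table field
			break;
		}

		$db3->query("SELECT * FROM $conf[prefix_groups]groups_pdefs WHERE name = '$nm'") or $db3->err(__FILE__, __LINE__);

		// NOTE(review): no check that a groups_pdefs row was found for this column.
		$pdefs = $db3->fetch_object();

		// defs and types are parallel ';'-separated lists.
		$defs = explode(';', $pdefs->defs);
		$types = explode(';', $pdefs->types);

		$v = NULL;

		for($k = 0; $k < count($defs); $k++) {
			$index =  $nm.'__'.$defs[$k];
			// An empty value for a 'bool' setting is stored as 0.
			if($types[$k] == 'bool' and $_POST[$index] == '') {
				$_POST[$index] = 0;
			}

			// The ';' separator is only inserted in front of numeric values.
			if($v != '' and is_numeric($_POST[$index])) {
				$v .= ';';
			}

			$v .= $_POST[$index];
		}

		// NOTE(review): the posted values are joined into $v and placed inside a
		// quoted SQL literal with no escaping visible in this function, and a value
		// is not checked for the ';' field separator or against its declared type.
		// Confirm an upstream filter covers this, or validate each value before it
		// is stored — these columns hold the group's permissions.
		if($v == '') {
			$v = "''";
		} else {
			$v = "'$v'";
		}

		$v = $db->field_name($fields, $x)." = $v";
		if($prm == '') {
			$prm = $v;
		} else {
			$prm .= ", $v";
		}
	}

	if($prm != '') {
		$db2->query("UPDATE $conf[prefix_groups]groups SET $prm WHERE id = $id") or $db2->err(__FILE__, __LINE__);
	}

	$db->clear_cache('group_'.$id.'.cache', 'groups');

	//add log

	//

	redirect("index.php?module=admin&amp;action=groups");
	exit();
}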
?>
